COSO’s New ERM Exposure Draft: What You Should Know

1 COSO’s New ERM Exposure Draft: What You Should Know
Paul Sobel, CIA, QIAL, CRMA Vice President and CAE, Georgia-Pacific COSO Advisory Council member

2 COSO’s Mission and Fundamental Principle
Mission: COSO’s mission is “To provide thought leadership through the development of comprehensive frameworks and guidance on enterprise risk management, internal control and fraud deterrence designed to improve organizational performance and governance and to reduce the extent of fraud in organizations.”
Fundamental Principle: Good risk management and internal control are necessary for the long-term success of all organizations.

3 Why Update the Framework Now?
Concepts and practices have evolved
Lessons learned
Bar raised with respect to enterprise risk management
Business and operating environments more complex, technologically driven, and global in scale
Stakeholders more engaged, seeking greater transparency and accountability
Risk discussions increasingly prominent at the board level

4 SEC Proxy Requirement…
Provide Information About Board Leadership Structure and the Board's Role in Risk Oversight: The SEC approved rules relating to board leadership structure and the board's role in risk oversight. The rules require disclosure about:
A company's board leadership structure, including whether the company has combined or separated the chief executive officer and chairman position, and why the company believes its structure is the most appropriate for the company at the time of the filing.
In certain circumstances, whether and why a company has a lead independent director and the specific role of such director.
The extent of the board's role in the risk oversight of the company.

5 Project Governance
Structure: COSO Board; PwC Project Team; Advisory Council; Observers
Advisory Council and Observers:
Consists of over 25 professionals
Provides input, expertise, feedback, insight, and ideas throughout the update
Obtains and synthesizes feedback from their respective constituency, organization, industry

6 Advisory Council and Official Observers
Advisory Council:
CRO’s
Risk Luminaries
Risk Management, ERM University Professors
Chief Audit Executives
Accounting Firm Risk Practice Partners
Board Members
Public Sector
Company Executives
Official Observers:
FDIC
OIG
GAO
IMA
IFAC
RIMS
ISACA
China Ministry of Finance (Special)
SEC - declined
PCAOB - determined to not be relevant given no audit requirements

7 Framework Update Approach
1. Assess
2. Envision
3. Design and Build
4. Public Exposure Process
5. Finalize

8 Foundational Concepts of ERM
Every entity exists to provide value for its stakeholders
All entities face uncertainty
Uncertainty presents both risk and opportunity
The challenge for management is to determine how much uncertainty to accept as it strives to grow stakeholder value
ERM enables management to effectively manage uncertainty and associated risk and opportunity

9 Topics Included in the 2004 COSO ERM Framework…
Aligning Risk Appetite and Strategy
Enhancing Risk Response Decisions
Reducing Operational Surprises and Losses
Identifying and Managing Multiple and Cross-enterprise Risks
Seizing Opportunities
Improving Deployment of Capital

10 What is your ideal view of ERM?
Baked in, embedded, not a bolt-on
Accelerates growth and success
Improves decision making and performance
Discipline, not a process
Ability to take on more risk
Continuous, identifiable, structured

11 What are Three Strengths of the 2004 Framework?
Linking risk to strategy setting
Linkage to objectives
Discussion of risk responses
Linkage to internal control
Evaluation/attestation criteria concept
Discussion of board governance and oversight
Due process

12 What are Three Significant Areas for Update and Revision?
Update principles
Revise definitions of risk, ERM and other key terms
Improve its usefulness
Consider introducing maturity models
Review format, structure, length, complexity
Emphasize the opportunity side of risk

13 What Should the Framework Do to Stay Relevant for the Next 10 Years?
Include maturity models
Highlight sustainability
Focus on governance
Review principles
Stay a framework
Add update materials, papers

14 What Would Improve User Acceptance?
Increased CEO and board engagement and buy-in
Inclusion of case studies and examples of success
Clearer value proposition
Greater and more effective promotion
Alignment to relevant regulatory requirements

15 What’s Likely to Stay the Same…
Link to strategy and objectives
An activity involving many people – board, management and others
Ability to cascade down to subsidiary, division, function, etc.
Risk identification, assessment, prioritization and response
Control activities as a possible response, link to internal control
An ability to assess effectiveness
Monitoring to ensure effectiveness and value of efforts
A definitive body of knowledge and thought leadership

16 What Might Be New…
Risk governance and culture concepts
Emphasis on integration into decision-making
Integration with performance management
Revised definitions and vocabulary – including the uncertainty concept
More focus on using and leveraging information
More emphasis on value creation, preservation and realization
Mission, vision and values discussion
Many more examples, including reporting examples
Introduction of risk curves

17 Components and Principles Structure
Modeled on the COSO 2013 Internal Control Framework

18 Possible COSO ERM Components
Risk Governance and Culture
Risk, Strategy and Objective Setting
Risk in Execution
Risk Information, Communication and Reporting
Monitoring Enterprise Risk Management Performance

19 Currently, ERM is Defined as….
“A process effected by an entity’s board of directors, management and other personnel, applied in a strategic setting and across the enterprise, designed to identify potential events that may affect the entity, and manage risk to be within its risk appetite, to provide reasonable assurance regarding the achievement of entity objectives.”

20 Potential New Definition …
“The culture, capabilities and practices, integrated with strategy-setting and its execution, that organizations rely on to manage risk in creating, preserving and realizing value.”

21 And Maybe- A New Graphic!

22 Bridging Between ERM and Internal Control Frameworks

23 Incrementalism… “How would you like to meet more of your objectives more of the time?”

24 Some Key Take-Aways
Everyone is doing ERM – can you do it better?
You need the right Tone at the Top
Analyze, understand and communicate your strategy better
Tie it in to decision-making and performance, cascade it down
Stay attuned to what’s on the horizon (emerging risks, change)
Leverage information
Keep it moving – it’s a journey
Make it happen all the time – it’s part of all decision-making
Respond to the exposure draft!!!

25 Thank You
